Hackers hoarding Windows XP exploits for cut-off bonanza

With just under a month until support for Windows XP ends, the security community has warned that hackers are hoarding exploits to let loose on unsuspecting firms once the cut-off passes.

After 8 April Microsoft will not release any more updates for the platform. This means any holes hackers exploit in the platform will not be patched, presenting them with a potential gold mine.

Trouble ahead

Mark Brown, director of information security at EY, told V3 that he believes the end of support for XP will open the floodgates for hackers to release all manner of attacks.

“There could be a nightmare scenario where it becomes the Wild West, or it could be another Y2K situation where nothing actually happens,” he said.

“However, given how prevalent cyber issues have become, I would be surprised if there is not a stock of zero-day exploits waiting to be released in April.”

Trend Micro security director Rik Ferguson is of the same opinion. “There will be vulnerabilities that will be exploited – that is a given,” he told V3. “It would be short-sighted to claim all the vulnerabilities have been found, because there will still be exploits.”

Finnish security firm F-Secure was similarly candid in its assessment of the situation. "When (not if) a powerful zero-day exploit makes its way to market – that's when the real concerns begin and important questions will be asked," it said in a recent security report.

Jason Steer, director of technology strategy at FireEye, added: "Opportunist attackers won’t want to miss the chance to attack a platform that no longer patches against new zero-day attacks."

Software Russian roulette

Firms still on XP, then, appear to be involved in a game of software Russian roulette where one of them will be hit, serving as a warning to the market.

“The first major exploit that hits the headlines is really going to drive the point home and convince those at the board level or in the executive team it is worth putting time and money into upgrading systems to avoid suffering the same fate,” said Ferguson.

However, Ferguson said the cut-off day itself may not bring a deluge of exploits: given the time it takes to migrate from XP, hackers will have a little while to pick their targets.

“For an enterprise to go through a complete desktop migration is a big deal and takes a long time, so there will be a reasonable period of time when hackers can make their move.”

This is scant consolation, though, and the situation appears bleak: those who have not migrated are very much on their own, with no-one V3 spoke to believing Microsoft will feel any obligation to patch any major issues that come to light.

Defensive measures

As such, the onus is very much on businesses to take action to defend themselves, as noted by Steve Durbin, global vice president of the Information Security Forum.

“Organisations would be well advised to take stock now of their exposure, if they haven’t already done so, and assess the risk that this might bring to their business,” he said. “They can then understand the scope of the problem and plan to mitigate against the potential risk that this might bring.”

F-Secure also provided some tips: "Air gapping systems or isolation to separate networks from critical intellectual property is recommended. Businesses should already be making moves such as this for bring your own device (BYOD) users. XP is just another resource to manage."

The obvious solution would of course be to move away from XP altogether, but this is not an easy task, as Steer explained.

"The problem is that this is an unrealistic timeframe because it will take a lot of time and money to do this. What they [businesses] need to do is build a mitigation strategy that increases monitoring and detection technologies to address the gap that will be created."

Whatever does happen after 8 April is impossible to predict, but what is clear from all those that V3 spoke to is that XP vulnerabilities exist, will be found and will be used, and one firm is going to be the first to bear the brunt of an attack.

The silver lining is that this could serve as an impetus for firms across the world to realise the end of XP support is serious. The question is, who is going to be that first victim?

Dan Worth is the news editor for V3, having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3, Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.